EXTREME RISK
10 WAYS POORLY MANAGED TECH
CAN DESTROY YOUR COMPANY
dude, failing to manage IT
risk is serious
you might have to stop doing business altogether
stolen data can be used against your customers
the press may have a field day on you
it will be even worse in social media
you could lose critical assets
employees or directors could go to jail
competitors may learn your secrets
you may have to pay fines
the trust you've built into your brand may disappear
IT can be extremely complex & opaque, may require
and just cause you’re a
small, nimble start-up does
not give you license to be
sloppy (especially if you
hope to pass exit due
diligence)
here are 10 obvious, but
common, mistakes to
avoid…
LACK
LEADERSHIP
MISTAKE
LACK LEADERSHIP
Leadership must
understand the strategic
importance of technology
risk management
They must also be involved
with decision-making and
communicate like crazy
MISTAKE
LACK LEADERSHIP
Leadership must put in place a
technology risk management
(TRM) framework that includes
the right culture, policies,
standards (enterprise
requirements), & control
procedures
They must also be responsible
for communications & the
quality of firm wide execution
MISTAKE
LACK LEADERSHIP
Leadership must get the right
people, in the right roles, at
the right time, with the right
training
MISTAKE
LACK LEADERSHIP
Leadership must ensure that
risks are identified and
prioritized by likelihood and
severity
MISTAKE
LACK LEADERSHIP
Leadership must identify
control gaps, prioritize and
budget for remediation, &
monitor projects to close them
MISTAKE
LACK LEADERSHIP
Leadership must approve &
track exceptions
MISTAKE
LACK LEADERSHIP
Line managers must be
engaged & accountable for
TRM
TRM must not be seen as
red tape. It must be seen as
a core job function of a
technology manager (and
disciplined/rewarded as
such)
MISTAKE
LACK TRM
FRAMEWORK
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
protect data & IT assets from
unauthorized access or
disclosure, misuse, and
fraudulent modification
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
ensure data confidentiality,
system security, reliability,
resiliency, & recoverability
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
define roles & responsibilities
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
identify & prioritize IT assets
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
identify & assess impact and
likelihood of operational &
emerging risk including internal
& external networks, hardware,
software, interfaces, operations,
and human resources
The firm must also have a
mechanism to identify risk
trends externally
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must
methodically & regularly
inventory and prioritize risks,
controls, exceptions, and
gaps
MISTAKE
LACK TRM FRAMEWORK
A TRM Framework must be
updated regularly
MISTAKE
LACK PARTNER
OVERSIGHT
MISTAKE
LACK PARTNER OVERSIGHT
IT provided or supported by
partners must be in scope &
leadership must fully
understand outsourcing risks
Outsourced IT infrastructure is
still part of your TRM. You
can’t wash your hands of it
* Provision or support includes system development and
support, DC ops, network admin, BCP, hosting / cloud
and can involve one or more parties in or out of country
MISTAKE
LACK PARTNER OVERSIGHT
Proper due diligence must
ensure viability, capability,
reliability, & stability of
vendors
MISTAKE
LACK PARTNER OVERSIGHT
Written contracts must define
expected risk-related service
levels, roles, obligations, &
control processes in detail
They must also be reviewed
regularly
* For example, performance targets, service levels,
availability, reliability, scalability, compliance, audit,
security, contingency planning, disaster recovery and
backup
MISTAKE
LACK PARTNER OVERSIGHT
A Service Level Management
Framework such as the IT
Infrastructure Library (ITIL)
must ensure continuing,
monitored controls
compliance
MISTAKE
LACK PARTNER OVERSIGHT
An exit / backup plan must be
in place to switch partners if
required
MISTAKE
LACK PORTFOLIO
MANAGEMENT
MISTAKE
LACK PORTFOLIO MGMT
The entire technology
portfolio/platform must be
managed through its
lifecycle
The business must be
engaged with portfolio
strategy as a key
stakeholder
MISTAKE
LACK PORTFOLIO MGMT
Enterprise architecture
strategy must be supported
by accurate & accessible
MIS and asset management
data
MISTAKE
LACK PORTFOLIO MGMT
Leadership must define,
document, & communicate
the target state platform
MISTAKE
LACK PORTFOLIO MGMT
A professional Project /
Change Management
Framework like Project
Management Body Of
Knowledge (PMBOK) or ITIL
must guide change from
current to target
MISTAKE
LACK PORTFOLIO MGMT
A professional Quality
Management program
should ensure quality of
build and operate
For example, a documented
software development
lifecycle (SDLC) should
effectively guide
development & code quality
MISTAKE
LACK PORTFOLIO MGMT
There must be strong
testing & code review
controls
MISTAKE
LACK PORTFOLIO MGMT
IT Acquisition must be
strategically aligned
MISTAKE
LACK PORTFOLIO MGMT
Technology exit planning
must be explicit & tracked
MISTAKE
LACK SERVICE
MANAGEMENT
MISTAKE
LACK SERVICE MGMT
Ongoing IT operations must
be guided by a Service
Management (SM)
Framework like ITIL
MISTAKE
LACK SERVICE MGMT
The SM Framework should
cover:
• Change Management & DevOps
• Release & Deployment
Management
• Capacity Management
• Incident Management
• Problem Management
• Source Code Control
• Asset Inventory & Config
Management
• Backup & Recovery
MISTAKE
LACK
RECOVERABILITY
MISTAKE
LACK RECOVERABILITY
The firm needs a realistic,
business-prioritized,
strategically-aligned & simple
business continuity plan
(BCP) that ensures reliability,
performance, scalability,
availability, and recoverability
MISTAKE
LACK RECOVERABILITY
The BCP should identify
critical systems (those that
must not go down) as well as
recovery point objectives
(RPO) and recovery time
objectives (RTO) to guide
restoration service levels
MISTAKE
LACK RECOVERABILITY
The disaster recovery plan
should cover multiple
scenarios, expose
dependencies, & be tested
regularly
MISTAKE
LACK RECOVERABILITY
Backup management must
ensure that IT assets can be
recovered as soon as
required, depending on
priority & that dependencies
are understood
MISTAKE
LACK RECOVERABILITY
There should be a
Communications Plan
defined in advance to deal
with various scenarios
MISTAKE
LACK DATA
SECURITY
MISTAKE
LACK DATA SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
LACK DATA SECURITY
You must identify levels of
data sensitivity and ensure
escalating levels of
protection based upon the
significance / priority of risk.
MISTAKE
LACK DATA SECURITY
You must have end-to-end
data protection such as
encryption when you are
dealing with confidential data
Your controls / standards
must be in force wherever
your data is stored or
transmitted
MISTAKE
LACK DATA SECURITY
You must properly dispose
of assets that hold
confidential data
MISTAKE
LACK DATA SECURITY
You must have a
mechanism to monitor
security & react as required
MISTAKE
LACK SYSTEM
SECURITY
MISTAKE
LACK SYSTEM SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
LACK SYSTEM SECURITY
You must identify levels of
sensitivity & ensure escalating
levels of protection based
upon the significance / priority
of risk
MISTAKE
LACK SYSTEM SECURITY
You must ensure that IT
assets are patched as
required
You must ensure that IT
assets are migrated out of
production before End-of-Life
or End-of-Service
MISTAKE
LACK SYSTEM SECURITY
You must deploy the right
level of network security
(including anti-virus) across
operating systems, network
devices, databases, and
enterprise mobile devices
MISTAKE
LACK SYSTEM SECURITY
Key points in the
infrastructure (perimeter &
internal as required) must be
protected through intrusion
detection & prevention tools
such as firewalls
MISTAKE
LACK SYSTEM SECURITY
You must test security using
vulnerability assessment &
penetration testing regularly
MISTAKE
LACK SYSTEM SECURITY
You must have a mechanism
to monitor security and react
as required
MISTAKE
LACK PHYSICAL
SECURITY
MISTAKE
LACK PHYSICAL SECURITY
You must protect data,
hardware, software, and
networks from accidental or
intentional unauthorized
access or tampering by
internal or external parties
MISTAKE
LACK PHYSICAL SECURITY
You must identify levels of
sensitivity & ensure
escalating levels of protection
based upon the significance /
priority of risk
MISTAKE
LACK PHYSICAL SECURITY
There must be regular threat
and vulnerability
assessments
MISTAKE
LACK PHYSICAL SECURITY
You must implement
appropriate physical security
such as need-to-access-only
requirements & security /
surveillance systems
MISTAKE
LACK PHYSICAL SECURITY
Critical resources such as air,
water, power, fire
suppression, &
communications should be
redundant where required
MISTAKE
LACK ACCESS
CONTROLS
MISTAKE
LACK ACCESS CONTROLS
For critical / sensitive systems
an individual must not be
granted access alone
(never-alone principle)
MISTAKE
LACK ACCESS CONTROLS
The transaction process
should prevent a single person
from initiating, approving, and
executing by themselves
(segregation of duties)
Job rotation is recommended
for sensitive functions
MISTAKE
LACK ACCESS CONTROLS
Access should be limited to
need-to-know (access-control
principle)
MISTAKE
LACK ACCESS CONTROLS
Access should be logged and
access rights should be easy
to review & modify as access
rights change naturally over
time
MISTAKE
LACK ACCESS CONTROLS
There must be separate
environments for
development, testing, and
production with controlled
access to production where
production access is limited
and governed by segregation
of duties
MISTAKE
SHARE THIS DECK
& FOLLOW ME (please-oh-please-oh-please-oh-please)
stay up to date with my future
slideshare posts
http://www.slideshare.net/selenasol/presentations
https://twitter.com/eric_tachibana
http://www.linkedin.com/pub/eric-tachibana/0/33/b53
CLICK HERE FOR MORE!!!!
CREATIVE COMMONS ATTRIBUTIONS & REFERENCES
Title Slide: http://www.flickr.com/photos/23754017@N08/
Dude Slide: http://www.flickr.com/photos/karen_od/
Ewok Slide: http://www.flickr.com/photos/daviddurantrejo/
Leadership Slide: http://www.flickr.com/photos/daviddurantrejo/
Tech Risk Mgmt Slide: http://www.flickr.com/photos/daviddurantrejo/
Partner Oversight Slide: http://www.flickr.com/photos/daviddurantrejo/
Service Mgmt Slide: http://www.flickr.com/photos/gageskidmore/
Portfolio Mgmt Slide: http://www.flickr.com/photos/fotomaf/
Recoverability Slide: http://www.flickr.com/photos/karen_od/
Data Security Slide: http://www.flickr.com/photos/daviddurantrejo/
System Security Slide: http://www.flickr.com/photos/daviddurantrejo/
Physical Security Slide: http://www.flickr.com/photos/fotomaf/
Access Controls Slide: http://www.flickr.com/photos/daviddurantrejo/
http://www.mas.gov.sg
http://www.isaca.org
http://coso.org/guidance.htm
http://www.itil-officialsite.com
http://www.pmi.org
Please note that all content & opinions expressed in this deck are my own and don’t necessarily
represent the position of my current, or any previous, employers

 
Dit yvol2iss8
Dit yvol2iss8Dit yvol2iss8
Dit yvol2iss8
 
What CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber SecurityWhat CIOs Need To Tell Their Boards About Cyber Security
What CIOs Need To Tell Their Boards About Cyber Security
 

More from Eric Tachibana

Intellectual property for entrepreneurs
Intellectual property for entrepreneursIntellectual property for entrepreneurs
Intellectual property for entrepreneursEric Tachibana
 
7Vs and Business Model Validation
7Vs and Business Model Validation7Vs and Business Model Validation
7Vs and Business Model ValidationEric Tachibana
 
Key Person Risk and Succession Planning Workshop
Key Person Risk and Succession Planning WorkshopKey Person Risk and Succession Planning Workshop
Key Person Risk and Succession Planning WorkshopEric Tachibana
 
Advice for Corporate Accelerator Mentors
Advice for Corporate Accelerator MentorsAdvice for Corporate Accelerator Mentors
Advice for Corporate Accelerator MentorsEric Tachibana
 
An Intro to the Financial Services Industry
An Intro to the Financial Services IndustryAn Intro to the Financial Services Industry
An Intro to the Financial Services IndustryEric Tachibana
 
Making the most of your start up mentor workshop - dbs hotspot accelerator
Making the most of your start up mentor workshop - dbs hotspot acceleratorMaking the most of your start up mentor workshop - dbs hotspot accelerator
Making the most of your start up mentor workshop - dbs hotspot acceleratorEric Tachibana
 
Corporate values conversation workshop
Corporate values conversation workshopCorporate values conversation workshop
Corporate values conversation workshopEric Tachibana
 
Rethinking Annual Performance as Workshops
Rethinking Annual Performance as WorkshopsRethinking Annual Performance as Workshops
Rethinking Annual Performance as WorkshopsEric Tachibana
 
Talent Planning Workshop
Talent Planning WorkshopTalent Planning Workshop
Talent Planning WorkshopEric Tachibana
 
Kuala Lumpur CTO Summit - How to fire employees
Kuala Lumpur CTO Summit - How to fire employeesKuala Lumpur CTO Summit - How to fire employees
Kuala Lumpur CTO Summit - How to fire employeesEric Tachibana
 
AWS_asset_configuration_management_whitepaper
AWS_asset_configuration_management_whitepaperAWS_asset_configuration_management_whitepaper
AWS_asset_configuration_management_whitepaperEric Tachibana
 
Being on the board of directors - Why it sucks and how to improve it
Being on the board of directors - Why it sucks and how to improve itBeing on the board of directors - Why it sucks and how to improve it
Being on the board of directors - Why it sucks and how to improve itEric Tachibana
 
Talent management strategy
Talent management strategyTalent management strategy
Talent management strategyEric Tachibana
 
Information wants to be free
Information wants to be freeInformation wants to be free
Information wants to be freeEric Tachibana
 
Baseball for Clueless Parents
Baseball for Clueless ParentsBaseball for Clueless Parents
Baseball for Clueless ParentsEric Tachibana
 

More from Eric Tachibana (20)

Intellectual property for entrepreneurs
Intellectual property for entrepreneursIntellectual property for entrepreneurs
Intellectual property for entrepreneurs
 
7Vs and Business Model Validation
7Vs and Business Model Validation7Vs and Business Model Validation
7Vs and Business Model Validation
 
Key Person Risk and Succession Planning Workshop
Key Person Risk and Succession Planning WorkshopKey Person Risk and Succession Planning Workshop
Key Person Risk and Succession Planning Workshop
 
Beautiful Song Lyrics
Beautiful Song LyricsBeautiful Song Lyrics
Beautiful Song Lyrics
 
Advice for Corporate Accelerator Mentors
Advice for Corporate Accelerator MentorsAdvice for Corporate Accelerator Mentors
Advice for Corporate Accelerator Mentors
 
An Intro to the Financial Services Industry
An Intro to the Financial Services IndustryAn Intro to the Financial Services Industry
An Intro to the Financial Services Industry
 
Making the most of your start up mentor workshop - dbs hotspot accelerator
Making the most of your start up mentor workshop - dbs hotspot acceleratorMaking the most of your start up mentor workshop - dbs hotspot accelerator
Making the most of your start up mentor workshop - dbs hotspot accelerator
 
Corporate values conversation workshop
Corporate values conversation workshopCorporate values conversation workshop
Corporate values conversation workshop
 
Rethinking Annual Performance as Workshops
Rethinking Annual Performance as WorkshopsRethinking Annual Performance as Workshops
Rethinking Annual Performance as Workshops
 
Workshops that Work
Workshops that WorkWorkshops that Work
Workshops that Work
 
Talent Planning Workshop
Talent Planning WorkshopTalent Planning Workshop
Talent Planning Workshop
 
What if Trump Won?!?
What if Trump Won?!?What if Trump Won?!?
What if Trump Won?!?
 
Kuala Lumpur CTO Summit - How to fire employees
Kuala Lumpur CTO Summit - How to fire employeesKuala Lumpur CTO Summit - How to fire employees
Kuala Lumpur CTO Summit - How to fire employees
 
AWS_asset_configuration_management_whitepaper
AWS_asset_configuration_management_whitepaperAWS_asset_configuration_management_whitepaper
AWS_asset_configuration_management_whitepaper
 
Being on the board of directors - Why it sucks and how to improve it
Being on the board of directors - Why it sucks and how to improve itBeing on the board of directors - Why it sucks and how to improve it
Being on the board of directors - Why it sucks and how to improve it
 
Optical illusions
Optical illusionsOptical illusions
Optical illusions
 
Talent management strategy
Talent management strategyTalent management strategy
Talent management strategy
 
Information wants to be free
Information wants to be freeInformation wants to be free
Information wants to be free
 
Baseball for Clueless Parents
Baseball for Clueless ParentsBaseball for Clueless Parents
Baseball for Clueless Parents
 
Be grouchy, but...
Be grouchy, but...Be grouchy, but...
Be grouchy, but...
 

Recently uploaded

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_planJamie (Taka) Wang
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesMd Hossain Ali
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.francesco barbera
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncObject Automation
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataSafe Software
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIUdaiappa Ramachandran
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxYounusS2
 

Recently uploaded (20)

UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
20200723_insight_release_plan
20200723_insight_release_plan20200723_insight_release_plan
20200723_insight_release_plan
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just MinutesAI Fame Rush Review – Virtual Influencer Creation In Just Minutes
AI Fame Rush Review – Virtual Influencer Creation In Just Minutes
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.Digital magic. A small project for controlling smart light bulbs.
Digital magic. A small project for controlling smart light bulbs.
 
GenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation IncGenAI and AI GCC State of AI_Object Automation Inc
GenAI and AI GCC State of AI_Object Automation Inc
 
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial DataCloud Revolution: Exploring the New Wave of Serverless Spatial Data
Cloud Revolution: Exploring the New Wave of Serverless Spatial Data
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
RAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AIRAG Patterns and Vector Search in Generative AI
RAG Patterns and Vector Search in Generative AI
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Babel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptxBabel Compiler - Transforming JavaScript for All Browsers.pptx
Babel Compiler - Transforming JavaScript for All Browsers.pptx
 

Extreme risk - how bad tech mgmt destroys firms

  • 1. EXTREME RISK: 10 WAYS POORLY MANAGED TECH CAN DESTROY YOUR COMPANY
  • 2. dude, failing to manage IT risk is serious
  • 3. you might have to stop doing business altogether; stolen data can be used against your customers; the press may have a field day on you; it will be even worse in social media; you could lose critical assets; employees or directors could go to jail; competitors may learn your secrets; you may have to pay fines; the trust you've built into your brand may disappear; IT can be extremely complex & opaque, may require
  • 4. and just cause you’re a small, nimble start-up does not give you license to be sloppy (especially if you hope to pass exit due diligence)
  • 5. here are 10 obvious, but common, mistakes to avoid…
  • 7. LACK LEADERSHIP: Leadership must understand the strategic importance of technology risk management. They must also be involved with decision-making and communicate like crazy.
  • 8. LACK LEADERSHIP: Leadership must put in place a technology risk management (TRM) framework that includes the right culture, policies, standards (enterprise requirements), & control procedures. They must also be responsible for communications & the quality of firm-wide execution.
  • 9. LACK LEADERSHIP: Leadership must get the right people, in the right roles, at the right time, with the right training.
  • 10. LACK LEADERSHIP: Leadership must ensure that risks are identified and prioritized by likelihood and severity.
  • 11. LACK LEADERSHIP: Leadership must identify control gaps, prioritize and budget for remediation, & monitor projects to close them.
  • 12. LACK LEADERSHIP: Leadership must approve & track exceptions.
  • 13. LACK LEADERSHIP: Line managers must be engaged & accountable for TRM. TRM must not be seen as red tape. It must be seen as a core job function of a technology manager (and disciplined/rewarded as such).
  • 15. LACK TRM FRAMEWORK: A TRM Framework must protect data & IT assets from unauthorized access or disclosure, misuse, and fraudulent modification.
  • 16. LACK TRM FRAMEWORK: A TRM Framework must ensure data confidentiality, system security, reliability, resiliency, & recoverability.
  • 17. LACK TRM FRAMEWORK: A TRM Framework must define roles & responsibilities.
  • 18. LACK TRM FRAMEWORK: A TRM Framework must identify & prioritize IT assets.
  • 19. LACK TRM FRAMEWORK: A TRM Framework must identify & assess impact and likelihood of operational & emerging risk including internal & external networks, hardware, software, interfaces, operations, and human resources. The firm must also have a mechanism to identify risk trends externally.
  • 20. LACK TRM FRAMEWORK: A TRM Framework must methodically & regularly inventory and prioritize risks, controls, exceptions, and gaps.
  • 21. LACK TRM FRAMEWORK: A TRM Framework must be updated regularly.
  • 23. LACK PARTNER OVERSIGHT: IT provided or supported by partners must be in scope & leadership must fully understand outsourcing risks. Outsourced IT infrastructure is still part of your TRM. You can’t wash your hands of it. * Provision or support includes system development and support, DC ops, network admin, BCP, hosting / cloud and can involve one or more parties in or out of country.
  • 24. LACK PARTNER OVERSIGHT: Proper due diligence must ensure viability, capability, reliability, & stability of vendors.
  • 25. LACK PARTNER OVERSIGHT: Written contracts must define expected risk-related service levels, roles, obligations, & control processes in detail. They must also be reviewed regularly. * For example, performance targets, service levels, availability, reliability, scalability, compliance, audit, security, contingency planning, disaster recovery and backup.
  • 26. LACK PARTNER OVERSIGHT: A Service Level Management Framework such as the IT Infrastructure Library (ITIL) must ensure continuing, monitored controls compliance.
  • 27. LACK PARTNER OVERSIGHT: An exit / backup plan must be in place to switch partners if required.
  • 29. LACK PORTFOLIO MGMT: The entire technology portfolio/platform must be managed through its lifecycle. The business must be engaged with portfolio strategy as a key stakeholder.
  • 30. LACK PORTFOLIO MGMT: Enterprise architecture strategy must be supported by accurate & accessible MIS and asset management data.
  • 31. LACK PORTFOLIO MGMT: Leadership must define, document, & communicate the target state platform.
  • 32. LACK PORTFOLIO MGMT: A professional Project / Change Management Framework like Project Management Body Of Knowledge (PMBOK) or ITIL must guide change from current to target.
  • 33. LACK PORTFOLIO MGMT: A professional Quality Management program should ensure quality of build and operate. For example, a documented software development lifecycle (SDLC) should effectively guide development & code quality.
  • 34. LACK PORTFOLIO MGMT: There must be strong testing & code review controls.
  • 35. LACK PORTFOLIO MGMT: IT Acquisition must be strategically aligned.
  • 36. LACK PORTFOLIO MGMT: Technology exit planning must be explicit & tracked.
  • 38. LACK SERVICE MGMT: Ongoing IT operations must be guided by a Service Management (SM) Framework like ITIL.
  • 39. LACK SERVICE MGMT: The SM Framework should cover: Change Management & DevOps; Release & Deployment Management; Capacity Management; Incident Management; Problem Management; Source Code Control; Asset Inventory & Config Management; Backup & Recovery.
  • 41. LACK RECOVERABILITY: The firm needs a realistic, business-prioritized, strategically-aligned & simple business continuity plan (BCP) that ensures reliability, performance, scalability, availability, and recoverability.
  • 42. LACK RECOVERABILITY: The BCP should identify critical systems (those that must not go down) as well as recovery point objectives (RPO) and recovery time objectives (RTO) to guide restoration service levels.
  • 43. LACK RECOVERABILITY: The disaster recovery plan should cover multiple scenarios, expose dependencies, & be tested regularly.
  • 44. LACK RECOVERABILITY: Backup management must ensure that IT assets can be recovered as soon as required, depending on priority & that dependencies are understood.
  • 45. LACK RECOVERABILITY: There should be a Communications Plan defined in advance to deal with various scenarios.
  • 47. LACK DATA SECURITY: You must protect data, hardware, software, and networks from accidental or intentional unauthorized access or tampering by internal or external parties.
  • 48. LACK DATA SECURITY: You must identify levels of data sensitivity and ensure escalating levels of protection based upon the significance / priority of risk.
  • 49. LACK DATA SECURITY: You must have end-to-end data protection such as encryption when you are dealing with confidential data. Your controls / standards must be in force wherever your data is stored or transmitted.
  • 50. LACK DATA SECURITY: You must properly dispose of assets that hold confidential data.
  • 51. LACK DATA SECURITY: You must have a mechanism to monitor security & react as required.
  • 53. LACK SYSTEM SECURITY: You must protect data, hardware, software, and networks from accidental or intentional unauthorized access or tampering by internal or external parties.
  • 54. LACK SYSTEM SECURITY: You must identify levels of sensitivity & ensure escalating levels of protection based upon the significance / priority of risk.
  • 55. LACK SYSTEM SECURITY: You must ensure that IT assets are patched as required. You must ensure that IT assets are migrated out of production before End-of-Life or End-of-Service.
  • 56. LACK SYSTEM SECURITY: You must deploy the right level of network security (including anti-virus) across operating systems, network devices, databases, and enterprise mobile devices.
  • 57. LACK SYSTEM SECURITY: Key points in the infrastructure (perimeter & internal as required) must be protected through intrusion detection & prevention tools such as firewalls.
  • 58. LACK SYSTEM SECURITY: You must test security using vulnerability assessment & penetration testing regularly.
  • 59. LACK SYSTEM SECURITY: You must have a mechanism to monitor security and react as required.
  • 61. LACK PHYSICAL SECURITY: You must protect data, hardware, software, and networks from accidental or intentional unauthorized access or tampering by internal or external parties.
  • 62. LACK PHYSICAL SECURITY: You must identify levels of sensitivity & ensure escalating levels of protection based upon the significance / priority of risk.
  • 63. LACK PHYSICAL SECURITY: There must be regular threat and vulnerability assessments.
  • 64. LACK PHYSICAL SECURITY: You must implement appropriate physical security such as need-to-access-only requirements & security / surveillance systems.
  • 65. LACK PHYSICAL SECURITY: Critical resources such as air, water, power, fire suppression, & communications should be redundant where required.
  • 67. LACK ACCESS CONTROLS: For critical / sensitive systems an individual must not be granted access alone (never-alone principle).
  • 68. LACK ACCESS CONTROLS: The transaction process should prevent a single person from initiating, approving, and executing by themselves (segregation of duties). Job rotation is recommended for sensitive functions.
  • 69. LACK ACCESS CONTROLS: Access should be limited to need-to-know (access-control principle).
  • 70. LACK ACCESS CONTROLS: Access should be logged and access rights should be easy to review & modify as access rights change naturally over time.
  • 71. LACK ACCESS CONTROLS: There must be separate environments for development, testing, and production with controlled access to production where production access is limited and governed by segregation of duties.
  • 72. SHARE THIS DECK & FOLLOW ME (please-oh-please-oh-please-oh-please): stay up to date with my future slideshare posts. http://www.slideshare.net/selenasol/presentations https://twitter.com/eric_tachibana http://www.linkedin.com/pub/eric-tachibana/0/33/b53
  • 74. CREATIVE COMMONS ATTRIBUTIONS & REFERENCES: Title Slide: http://www.flickr.com/photos/23754017@N08/ Dude Slide: http://www.flickr.com/photos/karen_od/ Ewok Slide: http://www.flickr.com/photos/daviddurantrejo/ Leadership Slide: http://www.flickr.com/photos/daviddurantrejo/ Tech Risk Mgmt Slide: http://www.flickr.com/photos/daviddurantrejo/ Partner Oversight Slide: http://www.flickr.com/photos/daviddurantrejo/ Service Mgmt Slide: http://www.flickr.com/photos/gageskidmore/ Portfolio Mgmt Slide: http://www.flickr.com/photos/fotomaf/ Recoverability Slide: http://www.flickr.com/photos/karen_od/ Data Security Slide: http://www.flickr.com/photos/daviddurantrejo/ System Security Slide: http://www.flickr.com/photos/daviddurantrejo/ Physical Security Slide: http://www.flickr.com/photos/fotomaf/ Access Controls Slide: http://www.flickr.com/photos/daviddurantrejo/ http://www.mas.gov.sg http://www.isaca.org http://coso.org/guidance.htm http://www.itil-officialsite.com http://www.pmi.org Please note that all content & opinions expressed in this deck are my own and don’t necessarily represent the position of my current, or any previous, employers.